hxxps://t[.]uk[.]nespresso[.]com/r/?id=h859505ee,590c6122,56f60c49&p1=[//]link[.]mail[.]beehiiv[.]com/ss/c/u001[.]PuKoIL7Wfh0H_yfkc0GGYKlpH6Zsaz2paRxdkDvWIOIO68FsQyYAW0Bdf_IjTCwiFP-HtTagiLMp94WdKLxltUQFsDUMam1E-3o-wrWlqP-Lxxp4Tk3tjxn4-q4dmYmqvhmbPsxmgw6dcBVgwVek9zJK5KyGS6TcdjM1rQ3k5MjpqxVfzTVrstq6oS_zLhf9N4kpwLJ87ZMsuzr7-lAp2Q/44o/hiLYBfHkQXC2VmVU0OYjFA/h7/h001[.]T92uPgGqydYkeqFfMbSXYqFzCZl1otQ4iAgzr7M-cVI#bmV3c0BydGwubHU=

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 13:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.uk.nespresso.com/r/?id=h859505ee,590c6122,56f60c49&p1=//link.mail.beehiiv.com/ss/c/u001.PuKoIL7Wfh0H_yfkc0GGYKlpH6Zsaz2paRxdkDvWIOIO68FsQyYAW0Bdf_IjTCwiFP-HtTagiLMp94WdKLxltUQFsDUMam1E-3o-wrWlqP-Lxxp4Tk3tjxn4-q4dmYmqvhmbPsxmgw6dcBVgwVek9zJK5KyGS6TcdjM1rQ3k5MjpqxVfzTVrstq6oS_zLhf9N4kpwLJ87ZMsuzr7-lAp2Q/44o/hiLYBfHkQXC2VmVU0OYjFA/h7/h001.T92uPgGqydYkeqFfMbSXYqFzCZl1otQ4iAgzr7M-cVI#bmV3c0BydGwubHU=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
1636	msedge.exe
1636	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
6060	msedge.exe
6060	msedge.exe
6060	msedge.exe
6060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 4456	1636	msedge.exe	88
PID 1636 wrote to memory of 4456	1636	msedge.exe	88
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 4692	1636	msedge.exe	89
PID 1636 wrote to memory of 2188	1636	msedge.exe	90
PID 1636 wrote to memory of 2188	1636	msedge.exe	90
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91
PID 1636 wrote to memory of 632	1636	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.uk.nespresso.com/r/?id=h859505ee,590c6122,56f60c49&p1=//link.mail.beehiiv.com/ss/c/u001.PuKoIL7Wfh0H_yfkc0GGYKlpH6Zsaz2paRxdkDvWIOIO68FsQyYAW0Bdf_IjTCwiFP-HtTagiLMp94WdKLxltUQFsDUMam1E-3o-wrWlqP-Lxxp4Tk3tjxn4-q4dmYmqvhmbPsxmgw6dcBVgwVek9zJK5KyGS6TcdjM1rQ3k5MjpqxVfzTVrstq6oS_zLhf9N4kpwLJ87ZMsuzr7-lAp2Q/44o/hiLYBfHkQXC2VmVU0OYjFA/h7/h001.T92uPgGqydYkeqFfMbSXYqFzCZl1otQ4iAgzr7M-cVI#bmV3c0BydGwubHU=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd321346f8,0x7ffd32134708,0x7ffd32134718
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,123941989738893258,15341033812753226759,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1ad3b445-f189-4640-b205-a865af84b768.tmp

Filesize
11KB

MD5
28de3a3e1040a8077f3a5d4ca3bd1182

SHA1
47a07562c0bbcb91eb98116ff5ee76970b792182

SHA256
eafe56aa3fccde41848dcbaff5af3cc9addc1dc3ebe3027316340517465be35f

SHA512
8f1d089a31701ee2990f347a0b6d77cacf4fcb9827939bbda1389c6f79f5abddf0fda20fc9b5d87ddd86c322ed75d5c700a79f0a1b9ebed314805a4345ccb2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
9935a58f1f935673051446a625e4efb7

SHA1
8accc1d334df8f77d5526a95d192789e2e87d538

SHA256
31fbce76a74a28beca4db2ad821816c35882f2e10618fa192af3660decdb7d39

SHA512
8f4e88aedb4d9e43106dc820d00f806c639af9e1ce05804180465cebb12ca45f5f709db2971e79baea29146971835c930e8aea0ac157f61f3036a6ccf983d799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
69e0763e4e2e66b7efd3a867989829ed

SHA1
2ffe22f02d20feea908fdd30513ef39b80b67cc1

SHA256
644f9697aead92ceeed670c54ce40b1531446055c58344d4bd778584a960671a

SHA512
ac40b169a13bae8d786a229a67b6d3ed8fcde04b9aae31f8530c81c13b8bc4b0eb8ee43f01a98ed4cd29f8ddacac7cc6effb0197118cd67c6104d999ccc78e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edc6e7c2587ef882715340ff1321a520

SHA1
c9c4b57b848e112fa8590430dd0a6cb77491022c

SHA256
f6f40138dc1546fcaf3e9e56bd83a0fa8f53f8ee87edf23a5da4543357e97558

SHA512
556306896545e721824d74177b045cba358562697cf3dd0e0114754eb53ff68e12e4da1834150834edf76c464a7b0f52e4223bf83f091aee2f2e5584a33fd47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bbd5ffdd51be71fdc486b20e71a335b7

SHA1
cdc9540d6b4b8fdd5aa74e265c729c67001a42d9

SHA256
78c1f9c12b43e2762cd07eab6c04c6f98c65f6a3492be0ee7f3a8e50a11b59fd

SHA512
519151b01253a738cbef1ed2d2aac7a91939a152d5683e3c24e24cfd0241ccd26f6a3194779e79373ec734566ab76bd19f57f81831dbb25ae961bc9e5fbed14d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8999552683f56a64a3f544db29ec82a2

SHA1
50e0ac44b474ce724122862d7b013941797b2a38

SHA256
150421f7c9704359b6104364840b705e6094ab605cc54f4804f075e276fa629c

SHA512
4d4af600a18a4406cbc04224bce08ab11e1f33a7ec08d375ed9977b7364f4a022da08b49b5a81c8cdc12e2a325811e9c2d58d2d35074c5c303f167b8b2ea36be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc85b72db2095a42676d4a7623c6bc91

SHA1
67f8470962dfc99056b538545904e550df151921

SHA256
979f430611b811301b844fff32507abc03eeb1af43ff3499800699ad617cd7c9

SHA512
1e0aa8a216bdbec700f7ead0aed003e683a62c4bf76e49d0f826ee9e054a1fc0350e5702c4921d60722598ff346c0091230d2a35db4fbd76be0ffc9f1b2186a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
017f9b48db6abfdeaade3200d765c04b

SHA1
5899b67ace18a6ba4e1409aacd7d81b8d9008718

SHA256
35f74bf7996b4810758b14a44e8b554b1dab6335a13b2d1da58ab35f8a241b2b

SHA512
a6e5ece7915b85f7497d26f5121ef199efc7e56e61a2d2bc2a5e4944ad5e998fb049b1778713750b6f28441bc3c7e1fe9b72e27b30eab24faaef2ace5faf4a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a98844944d167aee7349cf296ea6f23d

SHA1
efb201038b9748ca1cc1fda9e74313c461a0f12b

SHA256
73e9cd834f5818b2a453d8ef24edd33dec1c5ff56ecd9ccd7021bf61093b1c3d

SHA512
4f9dea999f6c6ae294808d1ca148559f05ba2e1534929468f44f17ec13c774e98579fe1c219ede8b594342f46943211fdcb1f0373bedff9b178df34de1c36b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58179a.TMP

Filesize
1KB

MD5
6658572e7e29c583f201e94d82ec2f03

SHA1
df0ed15602308c0dacbcb076ad611f3378cd8023

SHA256
7d70f5b4df782f2521ccc5229962fdd5b80b6d4f3ec2f1401cb9ef6b31882e61

SHA512
60dc27e4c44621b7a8a498c0b1ad20555c540688c366b3a0cd14c15c049518dd578cf5168d2dae6f2984ea0690b6bf48a9fa1e49a9b569f9d8bef5d8ff90b752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit